CVE-2014-3248

Name: CVE-2014-3248
Description: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| facter (PTS) | wheezy | 1.6.10-1 | vulnerable |
| | jessie | 2.2.0-1 | fixed |
| | buster, sid, stretch | 2.4.6-1 | fixed |
| hiera (PTS) | jessie | 1.3.4-1 | fixed |
| | buster, sid, stretch | 3.2.0-2 | fixed |
| mcollective (PTS) | wheezy | 2.0.0+dfsg-2 | vulnerable |
| | sid, jessie | 2.6.0+dfsg-2.1 | fixed |
| puppet (PTS) | wheezy | 2.7.23-1~deb7u3 | vulnerable |
| | wheezy (security) | 2.7.23-1~deb7u4 | vulnerable |
| | jessie (security), jessie | 3.7.2-4+deb8u1 | fixed |
| | stretch | 4.8.2-5 | fixed |
| | buster, sid | 4.10.4-2 | fixed |
| ruby-hiera (PTS) | wheezy | 1.0.0~rc3-1 | vulnerable |

The information below is based on the following data on fixed versions.

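| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| facter | source | (unstable) | 2.0.1-1 | low | | |
| hiera | source | (unstable) | 1.3.4-1 | low | | |
| mcollective | source | (unstable) | 2.5.2+dfsg-1 | low | | |
| puppet | source | (unstable) | 3.7.0-1 | low | | |
| ruby-hiera | source | (unstable) | (unfixed) | low | | |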

Notes

[wheezy] - puppet <no-dsa> (Minor issue)
[squeeze] - puppet <no-dsa> (Minor issue)
[wheezy] - ruby-hiera <no-dsa> (Minor issue)
[wheezy] - facter <no-dsa> (Minor issue)
[squeeze] - facter <no-dsa> (Minor issue)
[wheezy] - mcollective <no-dsa> (Minor issue)
http://puppetlabs.com/security/cve/cve-2014-3248
problem in combination with ruby <= 1.9.1
